using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class ReturnBook : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (null != Membership.GetUser())
        {
            if (Roles.IsUserInRole(Membership.GetUser(true).UserName, "admin"))
            {
                ((Label)this.LoginViewAdmin.FindControl("star1")).Text = "";
                ((Label)this.LoginViewAdmin.FindControl("star2")).Text = "";
                ((Label)this.LoginViewAdmin.FindControl("star3")).Text = "";
                ((Label)this.LoginViewAdmin.FindControl("error1")).Text = "";
                ((Label)this.LoginViewAdmin.FindControl("error2")).Text = "";
            }
        }
    }

    protected void returnButton_Click(object sender, EventArgs e)
    {
        string givenBookid = ((TextBox)this.LoginViewAdmin.FindControl("givenBookid")).Text;
        string givenUsername = ((TextBox)this.LoginViewAdmin.FindControl("givenUsername")).Text;

        if (givenBookid == "" || givenUsername == "")
        {
            ((Label)this.LoginViewAdmin.FindControl("error1")).Text = "You must provide";

            if (givenBookid == "")
            {
                ((Label)this.LoginViewAdmin.FindControl("star1")).Text = "*";
                ((Label)this.LoginViewAdmin.FindControl("error1")).Text += " an ISBN number";
            }

            if (givenBookid == "" && givenUsername == "")
                ((Label)this.LoginViewAdmin.FindControl("error1")).Text += " and";

            if (givenUsername == "")
            {
                ((Label)this.LoginViewAdmin.FindControl("star2")).Text = "*";
                ((Label)this.LoginViewAdmin.FindControl("error1")).Text += " a Username";
            }

            ((Label)this.LoginViewAdmin.FindControl("error1")).Text += ".";

            return;
        }

        SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["sylib"].ConnectionString);
        connection.Open();

        string sCommand = "SELECT * FROM [requests], [books] WHERE [username] = '" + givenUsername +
            "' AND [requestedbookid] = '" + givenBookid + "'";
        SqlCommand cmd = new SqlCommand(sCommand, connection);
        try
        {
            int myRequestid = (int)cmd.ExecuteScalar();

            sCommand = "SELECT * FROM [books] WHERE [bookid] = " + givenBookid;
            cmd = new SqlCommand(sCommand, connection);
            SqlDataReader myReader;
            myReader = cmd.ExecuteReader();
            myReader.Read();
            Int32 numRequested = (Int32)myReader.GetValue(6);
            myReader.Close();
            if (numRequested <= 0)
            {
                ((Label)this.LoginViewAdmin.FindControl("error1")).Text = 
                    "The book indicated is not currently chhcked out by anyone.";
                connection.Close();
                return;
            }
            
            sCommand = "UPDATE [books] SET [requested] = [requested]-1 WHERE [bookid] = '" + givenBookid + "'";
            cmd = new SqlCommand(sCommand, connection);
            cmd.ExecuteNonQuery();

            sCommand = "DELETE FROM [requests] WHERE requestid = '" + myRequestid.ToString() + "'";
            cmd = new SqlCommand(sCommand, connection);
            cmd.ExecuteNonQuery();
        }
        catch (Exception err)
        {
            ((Label)this.LoginViewAdmin.FindControl("error1")).Text = 
                "Could not return book, are the ISBN and Username correct?";
        }

        connection.Close();
    }

    protected void returnIdButton_Click(object sender, EventArgs e)
    {
        string givenRequestid = ((TextBox)this.LoginViewAdmin.FindControl("givenRequestid")).Text;

        if (givenRequestid == "")
        {
            ((Label)this.LoginViewAdmin.FindControl("star3")).Text = "*";
            ((Label)this.LoginViewAdmin.FindControl("error2")).Text = "You must provide a Request ID number.";
            return;
        }

        SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["sylib"].ConnectionString);
        connection.Open();

        string sCommand = "SELECT * FROM [requests] WHERE [requestid] = " + givenRequestid;
        SqlCommand cmd = new SqlCommand(sCommand, connection);

        try
        {
            SqlDataReader myReader;
            myReader = cmd.ExecuteReader();
            myReader.Read();
            string myBookid = myReader.GetString(2);
            myReader.Close();

            sCommand = "SELECT * FROM [books] WHERE [bookid] = " + myBookid;
            cmd = new SqlCommand(sCommand, connection);
            myReader = cmd.ExecuteReader();
            myReader.Read();
            Int32 numRequested = (Int32)myReader.GetValue(6);
            myReader.Close();
            if (numRequested <= 0)
            {
                ((Label)this.LoginViewAdmin.FindControl("error2")).Text = "The book indicated is not currently checked out by anyone.";
                connection.Close();
                return;
            }
            
            sCommand = "UPDATE [books] SET [requested] = [requested]-1 WHERE [bookid] = '" + myBookid + "'";
            cmd = new SqlCommand(sCommand, connection);
            cmd.ExecuteNonQuery();

            sCommand = "DELETE FROM [requests] WHERE requestid = '" + givenRequestid.ToString() + "'";
            cmd = new SqlCommand(sCommand, connection);
            cmd.ExecuteNonQuery();
        }
        catch (Exception err)
        {
            ((Label)this.LoginViewAdmin.FindControl("error2")).Text = "Could not return book, is the Request ID correct?";
        }

        connection.Close();
    }
}
